A central alarm system refers to a burglar alarm, a fire alarm, a combination of a burglar alarm and a fire alarm, or another alarm system that includes a central station. The central station facilitates monitoring of the status of at least one alarm by a human operator. The central station may be monitored by trained operators in attendance at most or all times. For example, if a fire alarm is triggered, the operator may confirm the presence of a fire in a building and call the local fire department. Further, an operator may dispatch a runner or an alarm investigator to make an investigation of unauthorized entry or opening of protected properties from which signals are received.
The central alarm system supports the operation of electrical protection circuits and devices, such as sensors. The central station supports one or more of the following functions of the electrical protection circuits and devices: signaling, communications, maintenance, control, and supervision. For example, the central station may control the arming and disarming of the central alarm system or affiliated devices. Further, the central station may support the recording of alarm status information communicated between the central station and the electrical protection circuit or device.
An intrusion detection system monitors for a breach of security of one or more protected computers, which are susceptible to attack from a communications network (e.g., Internet). A protected computer refers to a computer that is protected against unauthorized activity by an associated firewall, internal access control system, or another security measure. A firewall encompasses software instructions, computer hardware, or both that filter traffic on a communications network to allow authorized traffic to pass through the firewall, while providing a barrier for unauthorized traffic. When an intrusion or other suspicious event is detected, the intrusion detection system creates an alarm that may represent a reportable event for presentation to human operators.
In the prior art, the intrusion detection system may not be an effective barrier to illicit activity unless a person monitors the intrusion alarms on a real-time basis as an intrusion is occurring. For example, if a technician is aware that a protected computer is under imminent or present attack, a skilled technician could ameliorate the problem by imposing new security constraints in response to the attack. However, several technical obstacles prevent the intrusion alarms from being monitored on a real-time basis. The intrusion detection system may produce cryptic alarm data that requires deciphering of codes that are not readily understandable without referring to reference manuals. Thus, a security guard or dispatcher may not have the appropriate technical sophistication, training, or time to sort through the alarm report provided by the intrusion detection system. The intrusion detection system may produce large volumes of intrusion alarm messages that can quickly overwhelm a technically sophisticated user, such as an information systems professional. Although some intrusion detection systems provide web-based notification to human operators, many prior art intrusion detection systems generally fail to provide reliable and secure event routing to support large-scale call centers.
Thus, a need exists for integrating the intrusion detection system with a central alarm system so that only significant alarms from the intrusion detection system are presented to the operator at a user console for immediate attention.
In accordance with the invention, an alarm interface system and method receives intrusion alarm messages from an intrusion detection system. The alarm interface system organizes a group of the intrusion alarm messages into a time sequence. A highest priority alarm message is selected from the group. An analysis process analyzes the highest priority alarm message to extract raw locale information. The raw locale information may be translated into refined locale information (e.g., zone identifier) for inclusion in a central station-compatible data message.
The presence of the zone identifier in the central station-compatible data message allows the intrusion detection system to be compatible with the context of a central alarm system that supports burglar alarms, fire alarms, or both. Accordingly, an operator of a user console may readily interpret a highest priority intrusion alarm message in substantially the same manner as a conventional burglar alarm or a fire alarm, where technicians or other security countermeasures can be deployed for an indicated location.
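The steps summarized above (time-sequence a group of alarms, select the highest priority one, extract its raw locale, translate that into a zone identifier) can be sketched as follows. This is an added illustration, not code from the patent; the `dst=` alarm field, the subnet-to-zone table, the account string, the convention that priority 1 is most severe, and all sample alarms are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed mapping: protected subnets -> central-station zone identifiers.
ZONE_MAP = {ipaddress.ip_network("10.1.0.0/24"): 101,
            ipaddress.ip_network("10.2.0.0/24"): 102}
UNKNOWN_ZONE = 999  # fallback so an unmapped host still reaches the operator

@dataclass(frozen=True)
class IntrusionAlarm:
    timestamp: float  # seconds since epoch, as reported by the IDS
    priority: int     # assumption: 1 is the most severe
    raw: str          # raw alarm text; the 'dst=' field format is hypothetical

def extract_raw_locale(alarm):
    """Pull the targeted address (raw locale) out of the raw alarm text."""
    for field in alarm.raw.split():
        if field.startswith("dst="):
            return field[4:]
    return None

def translate_locale(raw_locale):
    """Translate raw locale information into a zone identifier."""
    try:
        addr = ipaddress.ip_address(raw_locale)
    except (ValueError, TypeError):
        return UNKNOWN_ZONE
    return next((z for net, z in ZONE_MAP.items() if addr in net), UNKNOWN_ZONE)

def build_station_message(alarms, account="ACCT-0001"):
    """Reduce a group of IDS alarms to one central-station-style message."""
    if not alarms:
        return None
    sequence = sorted(alarms, key=lambda a: a.timestamp)  # time sequence
    top = min(sequence, key=lambda a: a.priority)         # earliest wins ties
    return {"account": account,
            "zone": translate_locale(extract_raw_locale(top)),
            "priority": top.priority,
            "time": top.timestamp,
            "suppressed": len(sequence) - 1}  # alarms not shown to the operator

# Constructed sample alarms, deliberately out of time order.
SAMPLE = [
    IntrusionAlarm(1005.0, 3, "sig=portscan src=203.0.113.9 dst=10.1.0.7"),
    IntrusionAlarm(1002.0, 1, "sig=sql-injection src=203.0.113.9 dst=10.2.0.15"),
    IntrusionAlarm(1001.0, 2, "sig=bruteforce src=198.51.100.4 dst=10.1.0.7"),
    IntrusionAlarm(1009.0, 1, "sig=sql-injection src=203.0.113.9 dst=10.2.0.15"),
]

if __name__ == "__main__":
    print(build_station_message(SAMPLE))
```

An alarm whose locale cannot be parsed or mapped is routed to the fallback zone rather than dropped, so the operator still sees it.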
The method and the alarm interface system of the invention facilitate integration of an intrusion detection system and a central alarm system to realize labor efficiencies, equipment efficiencies, or both. The alarm interface system permits an intrusion detection system to use or share existing outbound call routing technology, which is available for monitoring environments associated with burglar alarms. Thus, the alarm interface system is well suited for providing cost-effective monitoring of computer-related alarms from the intrusion detection system. The alarm interface system promotes reduced labor costs by leveraging the presence of the operator who mans the central alarm system to monitor the intrusion alarm system too. Further, the alarm interface system promotes reliability in monitoring the intrusion alarm system by exploiting the fault tolerant and redundant architecture that is often representative of the central alarm system that supports fire alarms, burglar alarms, or both.
An operator equipped with the appropriate intelligible presentation of computer alarms may react quickly to prevent substantial economic harm that might otherwise occur from malicious or destructive tampering with a business entity's internal data. Further, an operator equipped in this way can take remedial action in response to a denial of service attack that is specific to a computer network or host. A denial of service attack is designed to make a computer system or network unavailable for normal use by flooding the computer system with incoming data messages. A quick and successful response to a denial of service attack requires continuous monitoring of protected computers and effective reporting of events indicative of a denial of service attack.